Re: [netmod] Comments on NMDA-04

Robert Wilton <rwilton@cisco.com> Mon, 02 October 2017 08:10 UTC

Return-Path: <rwilton@cisco.com>
X-Original-To: netmod@ietfa.amsl.com
Delivered-To: netmod@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8E053134FFD for <netmod@ietfa.amsl.com>; Mon, 2 Oct 2017 01:10:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.499
X-Spam-Level:
X-Spam-Status: No, score=-14.499 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7rEa4zYuN1Ot for <netmod@ietfa.amsl.com>; Mon, 2 Oct 2017 01:10:28 -0700 (PDT)
Received: from aer-iport-3.cisco.com (aer-iport-3.cisco.com [173.38.203.53]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C8477134FFA for <netmod@ietf.org>; Mon, 2 Oct 2017 01:10:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=24229; q=dns/txt; s=iport; t=1506931824; x=1508141424; h=subject:to:cc:references:from:message-id:date: mime-version:in-reply-to; bh=OL/lX1vhH8jVKIA7R0f8nZkax+DjDfOaspSGgULJSOM=; b=J/uKonL/OnWbLVcFzES64C25kwRoKCBW1wSt5i3TqEO3g4MNLPA5irkv 7H51DrvsXjC43m87LrtBrjKigA8ulkjPDMqZdHDnAzJlOvCyxuuz+jXsl Yjel75DrY2uf6tiEoee+EVbh31q64J14iHg9qxqm2WpPBKWA6Xgl9QnpP E=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0BzAQAw89FZ/xbLJq1bGQEBAQEBAQEBA?= =?us-ascii?q?QEBBwEBAQEBhEFuJ4N5ixOQY5Y6ggQKGAEKhElPAoR9FQECAQEBAQEBAWsohRg?= =?us-ascii?q?BAQEBAgEBASFLCxALGBULBwMCAicfEQYNBgIBAYokCBCkaYInJ4sLAQEBAQEBA?= =?us-ascii?q?QEBAQEBAQEBAQEBAQEBGAWDLYNTgWorgn2EPy9VglSCYQWYWIhah16NB4tdhyy?= =?us-ascii?q?NeYdbgTk1IkJMMiEIHRVJhGGCPT82hnosghUBAQE?=
X-IronPort-AV: E=Sophos;i="5.42,468,1500940800"; d="scan'208,217";a="656148410"
Received: from aer-iport-nat.cisco.com (HELO aer-core-3.cisco.com) ([173.38.203.22]) by aer-iport-3.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 02 Oct 2017 08:10:19 +0000
Received: from [10.63.23.52] (dhcp-ensft1-uk-vla370-10-63-23-52.cisco.com [10.63.23.52]) by aer-core-3.cisco.com (8.14.5/8.14.5) with ESMTP id v928AIim032464; Mon, 2 Oct 2017 08:10:19 GMT
To: Andy Bierman <andy@yumaworks.com>
Cc: Balazs Lengyel <balazs.lengyel@ericsson.com>, Martin Bjorklund <mbj@tail-f.com>, "netmod@ietf.org" <netmod@ietf.org>
References: <9ec6b2e4-36a7-87e6-59fa-828855235835@ericsson.com> <20170914.163239.143365521945928900.mbj@tail-f.com> <0605fab0-f879-e02d-4858-52a247571cb8@ericsson.com> <bfebbf31-a241-2409-e126-770711e7e635@cisco.com> <CABCOCHRGMH=Djab4T4+Tgth2-WZykREhK=3uEu_XX1JmuYS=wQ@mail.gmail.com>
From: Robert Wilton <rwilton@cisco.com>
Message-ID: <79d37d96-fc49-9d02-201f-663dfdf3d836@cisco.com>
Date: Mon, 2 Oct 2017 09:10:18 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0
MIME-Version: 1.0
In-Reply-To: <CABCOCHRGMH=Djab4T4+Tgth2-WZykREhK=3uEu_XX1JmuYS=wQ@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------FA54B088E403C1188DB4C8CD"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/netmod/t-KsRq-veZR_h904zVHeDsmJDpA>
Subject: Re: [netmod] Comments on NMDA-04
X-BeenThere: netmod@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: NETMOD WG list <netmod.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netmod>, <mailto:netmod-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netmod/>
List-Post: <mailto:netmod@ietf.org>
List-Help: <mailto:netmod-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netmod>, <mailto:netmod-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Oct 2017 08:10:36 -0000

Hi Andy,


On 29/09/2017 17:46, Andy Bierman wrote:
>
>
> On Thu, Sep 28, 2017 at 9:28 AM, Robert Wilton <rwilton@cisco.com 
> <mailto:rwilton@cisco.com>> wrote:
>
>     Hi,
>
>     Regarding the issue "Is it allowed to violate uniqueness of key
>     values?", https://github.com/netmod-wg/datastore-dt/issues/10
>     <https://github.com/netmod-wg/datastore-dt/issues/10>
>
>     We have discussed this further, and would like to extend the text
>     in the draft to explicitly allow key uniqueness to be violated!
>
>
> so we can rubber-stamp buggy servers?
> I do not agree this is needed.

So, the aim here is not to standardize buggy servers.

The aim here is to ensure that clients understand that the content of 
the operational state datastore aims to reflect the live operational 
state of the device.  Because it is reflecting live data, and that data 
may be constantly changing, it is not possibly to guarantee that the 
data tree that represents the operational state is always a valid state 
data tree.


>
>     We have thought of several cases where it is possible that
>     duplicate entries could appear, and we don't want to force any
>     overhead on the device to guarantee that this does not occur, nor
>     do we want to force synchronization between configuration
>     processing and what is reported in <operational>.  Of course, in
>     normal circumstances this constraint, like the others, should not
>     be violated. This is already stated in the draft.
>
>     Examples of where uniqueness of list keys could be violated include:
>     1) If a device is internally paging the results back for a long
>     list, then it is possible that a entry could have been reported
>     near the beginning of the list, then moved, and then reported
>     again at the end of the list.
>
>
>
> The data is question is simply part of an <rpc-reply> and it is 
> subject to the validation
> requirements for RPC replies only.  Note also that the payload to 
> represent an arbitrary
> configuration datastore has to be done with anydata or anyxml.  RPC 
> reply validation
> rules for these nodes do not extend to contents of the anydata instance.

The text in section 4.7  is referring to the validity of the state data 
tree represented by <operational> rather than the contents of an 
<rpc-reply>.

The same considerations should also apply if the data is being streamed 
from the device via YANG push, or one of the other telemetry protocols.

>
>
>     2) If the list being stored somewhere in the system has become
>     corrupted and contains duplicate entries.  It is better to return
>     truth.
>
>
>
> It is better to fix the buggy server.
> Again, a representation of some portion of a datastore in an <rpc-reply>
> has nothing to do with the YANG validation of a datastore within a server.

I strongly agree that it is better to fix a buggy server, but it becomes 
much harder to fix if nobody is allowed to see that it is broken in the 
first place.  I.e. it is better to return the actual data that is wrong 
than to pretend that it is OK (e.g. by removing any entries that have 
duplicate keys before returning the data).

Do have any objections with the specific text change that I have 
proposed below.

Thanks,
Rob


>
>
>     3) On a distributed system where the list is being constructed
>     from multiple nodes (e.g. linecards or peer devices) then if a
>     list entry is moved from one node to another then it is again
>     possible that an entry could be reported in both places (or
>     neither) for a short interval before the system becomes consistent
>     again.
>
>
>
> Once again, this is an <rpc-reply> representation, not the validation 
> of a datastore
> within a server.
>
>
>
> Andy
>
>
>
>     Proposed text:
>
>     OLD:
>
>        <operational> SHOULD conform to any constraints specified in
>     the data
>        model, but given the principal aim of returning "in use" values, it
>        is possible that constraints MAY be violated under some
>        circumstances, e.g., an abnormal value is "in use", or due to
>     remnant
>        configuration (see Section 4.3.1).  Note, that deviations are still
>        used when it is known in advance that a device does not fully
>     conform
>        to the <operational> schema.
>
>        Only semantic constraints MAY be violated, these are the YANG
>     "when",
>        "must", "mandatory", "unique", "min-elements", and "max-elements"
>        statements.
>
>     NEW:
>
>        <operational> SHOULD conform to any constraints specified in
>     the data
>        model, but given the principal aim of returning "in use" values, it
>        is possible that constraints MAY be violated under some
>        circumstances, e.g., an abnormal value is "in use", the
>     structure of
>        a list is being modified, or due to remnant configuration (see
>        Section 4.3.1).  Note, that deviations are still used when it is
>        known in advance that a device does not fully conform to the
>        <operational> schema.
>
>        Only semantic constraints MAY be violated, these are the YANG
>     "when",
>        "must", "mandatory", "unique", "min-elements", and "max-elements"
>        statements; and the uniqueness of key values.
>
>     Again, if there are no objections, I will apply this change.
>
>     Thanks,
>     Rob
>
>
>     On 14/09/2017 16:44, Balazs Lengyel wrote:
>
>         See below !
>
>
>         On 2017-09-14 16:32, Martin Bjorklund wrote:
>
>                 CH 4.4.)  "Validation is performed on the contents of
>                 <intended>."
>                 This to me means that default data is not considered
>                 at validation
>
>             Note that RFC 7950, section 6.4.1, says:
>
>                 In the accessible tree, all leafs and leaf-lists with
>             default values
>                 in use exist (see Sections 7.6.1 and 7.7.2).
>
>             So defaults are taken into account when intended is validated.
>
>         BALAZS: Yes the two seem to contradict each other. This can be
>         understood in your way, however the current text is not clear
>         enough. I would add:
>         Validation is performed on the contents of <intended>
>         (EXTENDED WITH DEFAULT CONFIGURATION).
>
>                 which would be a backwards incompatible change. Also
>                 if validation
>                 does not consider system configured data that would
>                 allow cases like
>                 multiple interfaces named lo0. One from <intended> one
>                 from system
>                 configuration. IMHO while it is OK to violate
>                 uniqueness because of
>                 remnant data, the above violation of uniqueness seems
>                 a bad idea.
>
>             If your system adds data to <running>, or to <intended>,
>             it will be
>             validated.
>
>                 Ch. 4.7) Is it allowed to violate uniqueness of key
>                 values? IMHO it
>                 should not be.
>
>             Agreed.  Note that the draft explicitly lists the
>             constraints that can
>             be violated, and uniqueness of keys is not listed.
>
>         BALAZS: If that is the intent I would propose to explicitly
>         state it. For me it was non-trivial.
>         Can a a choice statement be violated? Having to existing
>         branches at the same time? It seems a semantic constraint to
>         me. IMHO yes.
>         Can an if-feature be violated? If  support has just changed
>         and we have some remnant config, I can very well imagine it
>         violated.
>
>         Also here could you change
>         If a node in  <operational> does not meet the syntactic
>         constraints then it cannot   be returned
>         to
>         If a node in  <operational> does not meet the syntactic
>         constraints then it MUST NOT be returned
>
>             /martin
>
>
>
>     _______________________________________________
>     netmod mailing list
>     netmod@ietf.org <mailto:netmod@ietf.org>
>     https://www.ietf.org/mailman/listinfo/netmod
>     <https://www.ietf.org/mailman/listinfo/netmod>
>
>